mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The
MCPConnectionStdioclass inscripts/connections.pyusesmcp.client.stdioto execute local system commands. This is a standard MCP feature but represents a high-risk capability if the commands or arguments are controlled by untrusted users. - [EXTERNAL_DOWNLOADS] (LOW): The skill implements SSE and HTTP transport mechanisms in
scripts/connections.pythat allow connections to external URLs. This capability could be used for data exfiltration if the agent is directed to connect to a malicious endpoint.
Audit Metadata